24 matches found
CVE-2026-45108 Himmelblau: Authentication Bypass via Cross-User Local Session Impersonation in Device Authorization Grant (DAG) Flow
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant (DAG) flow that allowed a user within the same Entra ID domain to obtain a local Unix...
EUVD-2026-31522
Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network...
PT-2026-40252
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO URL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a ...
World Passkey Day: Advancing passwordless authentication
World Passkey Day is a chance to reflect on progress toward a shared goal: reducing our reliance on passwords and other phishable authentication methods by accelerating passkey adoption. As cyberattacks become more automated and AI-powered, each account is only as secure as its weakest credential...
CVE-2026-42525
Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...
EUVD-2026-26227
Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...
PT-2026-35919
Name of the Vulnerable Software and Affected Versions: Jenkins Microsoft Entra ID (previously Azure AD) Plugin versions prior to 666.v6060de32f87d. Description: The plugin does not restrict the redirect URL after login, which allows attackers to perform phishing attacks. Recommendations: Update the...
CVE-2026-35431 Microsoft Entra ID Entitlement Management Spoofing Vulnerability
...
Microsoft Entra ID Entitlement Management Spoofing Vulnerability
Server-side request forgery (SSRF) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-17983
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collision. Only authenticated himmelblau users whose...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to impersonate another user, grant themselves elevated privileges or gain access to sensitive data. Azure Entra ID: ...
CVE-2026-3224
Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token (JWT)...
CVE-2026-0948
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Microsoft Entra ID SSO Login allows Privilege Escalation. This issue affects Microsoft Entra ID SSO Login: from 0.0.0 before 1.0.4...
EUVD-2026-5338
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Microsoft Entra ID SSO Login allows Privilege Escalation. This issue affects Microsoft Entra ID SSO Login: from 0.0.0 before 1.0.4...
Drupal Microsoft Entra ID SSO Login Security Vulnerability
Drupal Microsoft Entra ID SSO Login is a single-sign-on integration module provided by the Drupal company in collaboration with Microsoft. Versions of Drupal Microsoft Entra ID SSO Login prior to 1.0.4 contained security vulnerabilities. These vulnerabilities stemmed from the use of alternative...
PT-2026-4311
Name of the Vulnerable Software and Affected Versions: Azure Entra ID (affected versions not specified). Description: An elevation of privilege issue exists in Azure Entra ID. Successful exploitation could allow unauthorized access. Recommendations: At the moment, there is no information about a newer...
3 OAuth TTPs Seen This Month — and How to Detect Them with Entra ID Logs
How OAuth tokens, JWT fields and Entra sign-in logs reveal attacker behavior, and how to turn those signals into reliable detections...
Microsoft Endpoint Configuration Manager (CVE-2025-59501)
The Microsoft Endpoint Configuration Manager application installed on the remote host is missing a security hotfix documented in the vendor advisory. It is, therefore, affected by an elevation of privilege vulnerability. An attacker could exploit this vulnerability by modifying the user principal...
CVE-2025-59218
Azure Entra ID Elevation of Privilege Vulnerability...
Microsoft Entra ID Access Control Error Vulnerability
Microsoft Entra ID is a cloud-based identity and management solution from Microsoft Corporation USA. An access control error vulnerability exists in Microsoft Entra ID that stems from an elevation of privilege vulnerability...